author | Björn Mattsson <Bjorn.Mattsson@bth.se> | 2020-11-23 11:23:49 +0100 |
---|---|---|
committer | Björn Mattsson <Bjorn.Mattsson@bth.se> | 2020-11-23 11:23:49 +0100 |
commit | 33e1be1ca738154340bb8db8a48f3b097ed8cffc (patch) | |
tree | a4fa72399dfa39f78f58bdb270cd9b7a415e7569 | |
parent | 344a76af21bf2d7d189de7d278875d28a7185cb0 (diff) |
Resolved SWAMID-3546 and 3547
-rw-r--r-- | swamid-2.0/mp.uu.se-Shibboleth.sso.xml | 57 | ||||
-rw-r--r-- | swamid-2.0/test.mp.uu.se-shibboleth-sso.xml | 30 |
2 files changed, 69 insertions, 18 deletions
diff --git a/swamid-2.0/mp.uu.se-Shibboleth.sso.xml b/swamid-2.0/mp.uu.se-Shibboleth.sso.xml
index 36f95620..169f5933 100644
--- a/swamid-2.0/mp.uu.se-Shibboleth.sso.xml
+++ b/swamid-2.0/mp.uu.se-Shibboleth.sso.xml
@@ -4,17 +4,35 @@
 <mdrpi:RegistrationInfo registrationAuthority="http://www.swamid.se/">
 <mdrpi:RegistrationPolicy xml:lang="en">https://www.sunet.se/wp-content/uploads/2016/08/SWAMID-Metadata-Registration-Practice-Statement-v2.pdf</mdrpi:RegistrationPolicy>
 </mdrpi:RegistrationInfo>
+ <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+ <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
+ <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
+ <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
 <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
 <samla:Attribute xmlns:samla="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category">
- <samla:AttributeValue>http://www.swamid.se/category/hei-service</samla:AttributeValue>
 <samla:AttributeValue>http://www.swamid.se/category/research-and-education</samla:AttributeValue>
+ <samla:AttributeValue>http://www.swamid.se/category/hei-service</samla:AttributeValue>
 <samla:AttributeValue>http://refeds.org/category/research-and-scholarship</samla:AttributeValue>
 </samla:Attribute>
 </mdattr:EntityAttributes>
 </md:Extensions>
- <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">
+ <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
 <md:Extensions>
 <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://mp.uu.se/Shibboleth.sso/Login"/>
+ <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://mp.uu.se/Shibboleth.sso/DS"/>
+ <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://mp.uu.se/Shibboleth.sso/DS" index="1"/>
 <mdui:UIInfo>
 <mdui:DisplayName xml:lang="sv">Medarbetarportalen vid Uppsala universitet</mdui:DisplayName>
 <mdui:DisplayName xml:lang="en">The Staff Portal (Medarbetarportalen) at Uppsala University</mdui:DisplayName>
@@ -26,9 +44,10 @@
 </md:Extensions>
 <md:KeyDescriptor>
 <ds:KeyInfo>
+ <ds:KeyName>mp.uu.se</ds:KeyName>
 <ds:X509Data>
- <ds:X509Certificate>
-MIIC3zCCAcegAwIBAgIJAKpDmQ/flLdVMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
+ <ds:X509SubjectName>CN=mp.uu.se</ds:X509SubjectName>
+ <ds:X509Certificate>MIIC3zCCAcegAwIBAgIJAKpDmQ/flLdVMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
 BAMTCG1wLnV1LnNlMB4XDTEyMTAxMTE0NTAyOFoXDTIyMTAwOTE0NTAyOFowEzER
 MA8GA1UEAxMIbXAudXUuc2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
 AQCvr+kBJ2UuNB0YitaXHig2ksWqvlio4e3zfQpQUVM97ING6GwaLtHFBVuOyKgI
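Review bot: The `alg:DigestMethod`/`alg:SigningMethod` list added to the entity-level `md:Extensions` still advertises four SHA-1 algorithms (`xmldsig#sha1`, `ecdsa-sha1`, `rsa-sha1`, `dsa-sha1`), so an IdP reading this metadata is told that SHA-1 signatures are acceptable to the SP. If the list was copied from the SP's generated metadata, that is presumably what the SP accepts today; the cleaner end state is to have the SP reject SHA-1 and drop those four lines here. The same applies to the `ecdsa-sha1` line added in the `@@ -9,10 +9,15 @@` hunk of test.mp.uu.se-shibboleth-sso.xml, which sits next to existing `rsa-sha1` and `dsa-sha1` entries.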
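Review bot: `ds:KeyName` and `ds:X509SubjectName` are added around a certificate that is carried over unchanged, and its validity fields appear to decode from the visible base64 to 2012-10-11 through 2022-10-09. Relying parties that check certificate expiry would start rejecting it at that date, so a key rollover is worth scheduling while this entity is being touched: publish the new certificate as a second `md:KeyDescriptor` first and remove the old one later. The `md:KeyDescriptor` element continues past the end of this hunk.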
@@ -44,17 +63,31 @@ w7f1NHlFokb1v7FvN/WKxf37z8Cy49Sfg9Hg6lv+jNobb5lSBjwnTICfCl+ffdFu
 xHXT67mQsDSoiBiExsGPjtqxbrVy2v9WV1Oup6UjXIgOacpaDNErD1XzAkQP6LD4
 t9uEzq8Qiu8ImRG9SyPDd76umF5tLtg53EHaK1o2LnSU4CyjsnUX5Np1l13rMKaR
 Ohr8KLKt6tC/JZ059e8ENxrN7g==
- </ds:X509Certificate>
+</ds:X509Certificate>
 </ds:X509Data>
 </ds:KeyInfo>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
 </md:KeyDescriptor>
+ <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://mp.uu.se/Shibboleth.sso/Artifact/SOAP" index="1"/>
 <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://mp.uu.se/Shibboleth.sso/SLO/SOAP"/>
 <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mp.uu.se/Shibboleth.sso/SLO/Redirect"/>
 <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mp.uu.se/Shibboleth.sso/SLO/POST"/>
 <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://mp.uu.se/Shibboleth.sso/SLO/Artifact"/>
+ <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://mp.uu.se/Shibboleth.sso/NIM/SOAP"/>
+ <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://mp.uu.se/Shibboleth.sso/NIM/Redirect"/>
+ <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mp.uu.se/Shibboleth.sso/NIM/POST"/>
+ <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://mp.uu.se/Shibboleth.sso/NIM/Artifact"/>
 <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mp.uu.se/Shibboleth.sso/SAML2/POST" index="1"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://mp.uu.se/Shibboleth.sso/SAML2/ECP" index="3"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://mp.uu.se/Shibboleth.sso/SAML/POST" index="4"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://mp.uu.se/Shibboleth.sso/SAML2/Artifact" index="3"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://mp.uu.se/Shibboleth.sso/SAML2/ECP" index="4"/>
 <md:AttributeConsumingService index="1">
 <md:ServiceName xml:lang="sv">Medarbetarportalen vid Uppsala universitet</md:ServiceName>
 <md:ServiceName xml:lang="en">The Staff Portal (Medarbetarportalen) at Uppsala University</md:ServiceName>
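Review bot: The added `md:EncryptionMethod` list puts the three AES-GCM entries first but also advertises `aes128-cbc`, `aes192-cbc`, `aes256-cbc` and `tripledes-cbc`, so an IdP is still free to encrypt assertions to this SP with an unauthenticated CBC mode. XML Encryption in CBC mode has known ciphertext-malleability weaknesses and 3DES is a legacy 64-bit block cipher. Dropping at least `<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>`, and the three CBC lines once the federation's IdPs can do GCM, would narrow what the SP has to accept. The test file already lists CBC entries and only gains the GCM ones in its `@@ -59,6 +66,9 @@` hunk, so the same cleanup applies there; the enclosing `md:SPSSODescriptor` starts and ends outside this hunk.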
@@ -73,13 +106,21 @@ Ohr8KLKt6tC/JZ059e8ENxrN7g==
 <md:OrganizationURL xml:lang="sv">http://www.uu.se/</md:OrganizationURL>
 <md:OrganizationURL xml:lang="en">http://www.uu.se/en/</md:OrganizationURL>
 </md:Organization>
+ <md:ContactPerson contactType="administrative">
+ <md:Company>Uppsala universitet</md:Company>
+ <md:SurName>Servicedesk</md:SurName>
+ <md:EmailAddress>mailto:servicedesk@uu.se</md:EmailAddress>
+ <md:TelephoneNumber>+46-18-4714400</md:TelephoneNumber>
+ </md:ContactPerson>
 <md:ContactPerson contactType="technical">
 <md:Company>Uppsala universitet</md:Company>
+ <md:SurName>Operations</md:SurName>
 <md:EmailAddress>mailto:liferay-datordrift@its.uu.se</md:EmailAddress>
 </md:ContactPerson>
 <md:ContactPerson contactType="support">
 <md:Company>Uppsala universitet</md:Company>
+ <md:SurName>Servicedesk</md:SurName>
 <md:EmailAddress>mailto:servicedesk@uu.se</md:EmailAddress>
- <md:TelephoneNumber>+46184714400</md:TelephoneNumber>
+ <md:TelephoneNumber>+46-18-4714400</md:TelephoneNumber>
 </md:ContactPerson>
 </md:EntityDescriptor>
diff --git a/swamid-2.0/test.mp.uu.se-shibboleth-sso.xml b/swamid-2.0/test.mp.uu.se-shibboleth-sso.xml
index 2814c880..e71c6b68 100644
--- a/swamid-2.0/test.mp.uu.se-shibboleth-sso.xml
+++ b/swamid-2.0/test.mp.uu.se-shibboleth-sso.xml
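Review bot: With the new `administrative` entry the contacts listed for this entity are `administrative`, `technical` and `support`, and none of them is a security contact for incident response. If the service should be reachable for security incidents through federation metadata, add a `md:ContactPerson contactType="other"` carrying the REFEDS security contact type (`remd:contactType="http://refeds.org/metadata/contactType/security"`) with a monitored address. The last hunk of test.mp.uu.se-shibboleth-sso.xml makes the same contact changes and has the same gap.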
@@ -9,10 +9,15 @@
 <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
 <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
 <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
 <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
 <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
 <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
 <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+ <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
 <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
 <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
 <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
@@ -23,9 +28,11 @@
 </samla:Attribute>
 </mdattr:EntityAttributes>
 </md:Extensions>
- <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol">
+ <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
 <md:Extensions>
 <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://test.mp.uu.se/Shibboleth.sso/Login"/>
+ <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://test.mp.uu.se/Shibboleth.sso/DS"/>
+ <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://test.mp.uu.se/Shibboleth.sso/DS" index="1"/>
 <mdui:UIInfo>
 <mdui:DisplayName xml:lang="sv">Medarbetarportalen vid Uppsala universitet (TEST)</mdui:DisplayName>
 <mdui:DisplayName xml:lang="en">The Staff Portal (Medarbetarportalen) at Uppsala University (TEST)</mdui:DisplayName>
@@ -59,6 +66,9 @@ f91arR1JmuNzmHFNaLikuWCqw/8qr938FM2uP4W2OTcMm998DSp5z+SDOHphuhZF
 </ds:X509Certificate>
 </ds:X509Data>
 </ds:KeyInfo>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
+ <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
 <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
 <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
 <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
@@ -67,7 +77,6 @@ f91arR1JmuNzmHFNaLikuWCqw/8qr938FM2uP4W2OTcMm998DSp5z+SDOHphuhZF
 <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
 </md:KeyDescriptor>
 <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://test.mp.uu.se/Shibboleth.sso/Artifact/SOAP" index="1"/>
- <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://test.mp.uu.se/Shibboleth.sso/Artifact/SOAP" index="2"/>
 <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://test.mp.uu.se/Shibboleth.sso/SLO/SOAP"/>
 <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://test.mp.uu.se/Shibboleth.sso/SLO/Redirect"/>
 <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test.mp.uu.se/Shibboleth.sso/SLO/POST"/>
@@ -77,15 +86,8 @@ f91arR1JmuNzmHFNaLikuWCqw/8qr938FM2uP4W2OTcMm998DSp5z+SDOHphuhZF
 <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test.mp.uu.se/Shibboleth.sso/NIM/POST"/>
 <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://test.mp.uu.se/Shibboleth.sso/NIM/Artifact"/>
 <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test.mp.uu.se/Shibboleth.sso/SAML2/POST" index="1"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://test.mp.uu.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
 <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://test.mp.uu.se/Shibboleth.sso/SAML2/Artifact" index="3"/>
 <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://test.mp.uu.se/Shibboleth.sso/SAML2/ECP" index="4"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test.mp.uu.se/Shibboleth.sso/SAML2/POST" index="5"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://test.mp.uu.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="6"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://test.mp.uu.se/Shibboleth.sso/SAML2/Artifact" index="7"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://test.mp.uu.se/Shibboleth.sso/SAML2/ECP" index="8"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://test.mp.uu.se/Shibboleth.sso/SAML/POST" index="9"/>
- <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://test.mp.uu.se/Shibboleth.sso/SAML/Artifact" index="10"/>
 <md:AttributeConsumingService index="1">
 <md:ServiceName xml:lang="sv">Medarbetarportalen vid Uppsala universitet (TEST)</md:ServiceName>
 <md:ServiceName xml:lang="en">The Staff Portal (Medarbetarportalen) at Uppsala University (TEST)</md:ServiceName>
@@ -104,13 +106,21 @@ f91arR1JmuNzmHFNaLikuWCqw/8qr938FM2uP4W2OTcMm998DSp5z+SDOHphuhZF
 <md:OrganizationURL xml:lang="sv">http://www.uu.se/</md:OrganizationURL>
 <md:OrganizationURL xml:lang="en">http://www.uu.se/en/</md:OrganizationURL>
 </md:Organization>
+ <md:ContactPerson contactType="administrative">
+ <md:Company>Uppsala universitet</md:Company>
+ <md:SurName>Servicedesk</md:SurName>
+ <md:EmailAddress>mailto:servicedesk@uu.se</md:EmailAddress>
+ <md:TelephoneNumber>+46-18-4714400</md:TelephoneNumber>
+ </md:ContactPerson>
 <md:ContactPerson contactType="technical">
 <md:Company>Uppsala universitet</md:Company>
+ <md:SurName>Operations</md:SurName>
 <md:EmailAddress>mailto:liferay-datordrift@its.uu.se</md:EmailAddress>
 </md:ContactPerson>
 <md:ContactPerson contactType="support">
 <md:Company>Uppsala universitet</md:Company>
+ <md:SurName>Servicedesk</md:SurName>
 <md:EmailAddress>mailto:servicedesk@uu.se</md:EmailAddress>
- <md:TelephoneNumber>+46184714400</md:TelephoneNumber>
+ <md:TelephoneNumber>+46-18-4714400</md:TelephoneNumber>
 </md:ContactPerson>
 </md:EntityDescriptor> |